[src/trunk]: src/usr.bin/login Avoid use-after-free bug in PAM environment

[kamil <kamil%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/30b248d04434
branches:  trunk
changeset: 848764:30b248d04434
user:      kamil <kamil%NetBSD.org@localhost>
date:      Sat Feb 08 13:44:35 2020 +0000

description:
Avoid use-after-free bug in PAM environment

Traditional BSD putenv(3) was creating an internal copy of the passed
argument. Unfortunately this was causing memory leaks and was changed by
POSIX to not allocate.

Adapt the putenv(3) usage to modern POSIX (and NetBSD) semantics.

diffstat:

 usr.bin/login/login_pam.c |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (29 lines):

diff -r 8af6b332a267 -r 30b248d04434 usr.bin/login/login_pam.c
--- a/usr.bin/login/login_pam.c Sat Feb 08 13:33:56 2020 +0000
+++ b/usr.bin/login/login_pam.c Sat Feb 08 13:44:35 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: login_pam.c,v 1.25 2015/10/29 11:31:52 shm Exp $       */
+/*     $NetBSD: login_pam.c,v 1.26 2020/02/08 13:44:35 kamil Exp $       */
 
 /*-
  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -39,7 +39,7 @@
 #if 0
 static char sccsid[] = "@(#)login.c    8.4 (Berkeley) 4/2/94";
 #endif
-__RCSID("$NetBSD: login_pam.c,v 1.25 2015/10/29 11:31:52 shm Exp $");
+__RCSID("$NetBSD: login_pam.c,v 1.26 2020/02/08 13:44:35 kamil Exp $");
 #endif /* not lint */
 
 /*
@@ -602,8 +602,8 @@
                char **envitem;
 
                for (envitem = pamenv; *envitem; envitem++) {
-                       putenv(*envitem);
-                       free(*envitem);
+                       if (putenv(*envitem) == -1)
+                               free(*envitem);
                }
 
                free(pamenv);